VMware Networking Community
jstander
Enthusiast
Enthusiast
Jump to solution

vMSC with NSX questions

Hi,

Background:

2 sites with vBlocks and using vPLEX for stretched storage with vMSC as well and a stretched layer 2.

Replacing the existing network with NSX which is a good fit here with layer 2 DCI over VXLAN

Keep existing vMSC and not using Cross-VC with NSX.



I have read the design guide but have more question now that before I read it J page 13 -15 and 125 -129

https://communities.vmware.com/servlet/JiveServlet/downloadBody/32552-102-2-44455/Multi-site%20Optio...


From the design guide, and what i understand, it seems I should have a couple of options but please correct me where i am wrong in my lists below.


  • Active/passive ESG with single site used for all egress (no universal objects)
    • Dynamic routing with single control VM
    • Logical networks stretched across 2 sites
  • Active/passive ESG with single site used for all egress (with universal objects)
    • UDLR with status = deployed
    • Local egress
    • ESGS with ECMP northbound
    • Logical networks stretched across 2 sites
    • Not really worth it since only a single
  • Active/Active ESGs with site specific egress (with universal objects)
    • no universal control VM – only static routing
    • Logical networks stretched across 2 sites
    • UDLR with status = Active

For all these options, if you I want to use stateful services:

    • Install single ESG with HA enable for active/standby per site.
    • Replicate the stateful services manually across sites.

My questions which i hope somebody can help me with:

  1. How do I configure multiple active ESGs?
    1. How do I set the ESGs to be either active or passive?
    2. I would assume you treat these just as physical routers with different GW IP address, is this correct?
  2. For any of these options, are there any manual intervention required for site failover?
    1. I know that HA is supported for vCenter, NSX Manager and NSX Controllers.
    1. What if I have all active ESG’s setup at both sites, will that be an automatic failover?
  3. With active/passive ESGs we can perform dynamic routing, is that a correct statement?
    1. Could we use OSPF or BGP?


Thank you

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
lhoffer
VMware Employee
VMware Employee
Jump to solution

  1. How do I configure multiple active ESGs?
    1. How do I set the ESGs to be either active or passive?
      • The "active" ESG is just the one that's more attractive to the DLR from a routing metric perspective so the actual mechanism will vary, but as an example, if you're using BGP between the ESGs and DLR, you would just configure the BGP neighbor associated with the "active" ESG with a higher weight on the DLR.
    2. I would assume you treat these just as physical routers with different GW IP address, is this correct?
      • Yes, the ESGs in this case are the next L3 hop after the DLR for egress traffic
  2. For any of these options, are there any manual intervention required for site failover?
    1. What if I have all active ESG’s setup at both sites, will that be an automatic failover?
      • Depends on how you do your routing.  If you use OSPF or BGP with ECMP enabled on the DLR to get default routes from the ESGs then no intervention required, however, static routing will likely require manual intervention to stop sending traffic to the dead ESG.  Just be careful with ECMP to consider the potential for asymmetric routing of return traffic and how that'll affect stateful services like NAT, firewall, etc. (page 91 of the design guide goes into more detail around this).
  3. With active/passive ESGs we can perform dynamic routing, is that a correct statement?
    1. Could we use OSPF or BGP?
      • Yes, possible and recommended in most cases.

View solution in original post

Reply
0 Kudos
1 Reply
lhoffer
VMware Employee
VMware Employee
Jump to solution

  1. How do I configure multiple active ESGs?
    1. How do I set the ESGs to be either active or passive?
      • The "active" ESG is just the one that's more attractive to the DLR from a routing metric perspective so the actual mechanism will vary, but as an example, if you're using BGP between the ESGs and DLR, you would just configure the BGP neighbor associated with the "active" ESG with a higher weight on the DLR.
    2. I would assume you treat these just as physical routers with different GW IP address, is this correct?
      • Yes, the ESGs in this case are the next L3 hop after the DLR for egress traffic
  2. For any of these options, are there any manual intervention required for site failover?
    1. What if I have all active ESG’s setup at both sites, will that be an automatic failover?
      • Depends on how you do your routing.  If you use OSPF or BGP with ECMP enabled on the DLR to get default routes from the ESGs then no intervention required, however, static routing will likely require manual intervention to stop sending traffic to the dead ESG.  Just be careful with ECMP to consider the potential for asymmetric routing of return traffic and how that'll affect stateful services like NAT, firewall, etc. (page 91 of the design guide goes into more detail around this).
  3. With active/passive ESGs we can perform dynamic routing, is that a correct statement?
    1. Could we use OSPF or BGP?
      • Yes, possible and recommended in most cases.
Reply
0 Kudos